One of the new trends in the field of artificial intelligence is federated
learning (FL), which promises to play a role in many real-world
applications because of the characteristics of its architecture. The learning
mechanism of this technique is to train in a distributed manner on each
client's local, decentralized data, then collect the parameters of each local
training run and upload them to the server, which in turn sends model updates
to all clients to give the final learning result. To provide a broad study of FL
from the security and privacy aspects, this paper introduces a general view of
FL and its categories, the main attacks that can befall it, and the safety
mechanisms used by existing works to defend against attacks and to enhance the
safety and privacy of FL, whether in the transmission or the collection of data.
Then the use of FL in network security by many research papers is presented,
along with the good results achieved, and finally a comparison is made between
these papers.
1. INTRODUCTION

In the artificial intelligence field, the elementary and basic requirement for building intelligent
applications is data [1]. Consequently, without data, no model can be trained. Big data has developed to
the point that the amount of data is no longer the focus of attention [2]. However, data exists in the form of
data islands [3]. Solving data islands is one of the problems that has received a lot of thought and attention in
artificial intelligence. Processing and modeling the data in a centralized manner is the direct solution to data
islands [4], [5]. In a traditional machine learning (ML) pipeline, data is collected from different sources and stored
in a central location [6]. Once all the data is available at the center, a single machine learning model is trained on
it. This scheme is called centralized learning, since the data must be moved from the users' devices to a central
device in order to build and train the model [7].

One of the vulnerabilities of decentralized machine learning (DML) is the number of
communications required between the clients and the parameter server, since data privacy
protection is at its weakest while data is in transit. This means that the more communications there are,
the greater the chance of attacks [3]. A technological solution proposed by [8], called federated learning (FL),
has recently appeared to address such matters. In FL, which is considered a new research direction for
artificial intelligence, the training of models is shifted from the central server to the terminal equipment [2].
FL is a fledgling ML scheme that was introduced by Google in 2016 to anticipate users' text input across
tens of thousands of mobile devices whilst keeping the data on the devices [8], [9].
The FL process is shown in Figure 1. Firstly, a generic global model is downloaded to each
device for local training. Secondly, the local data of the diverse mobile devices is used to enhance the local
model, which is uploaded in encrypted form to the cloud. Thirdly, the averaged update of the local models,
computed in the cloud, is conveyed to the devices as a renewed global model. Finally, the previous steps repeat
until the model achieves a certain desired performance or the final deadline arrives [10].

This paradigm is mainly presented for two reasons: i) the data may not be sufficiently available to
reside centrally on the server side because of the restrictions on it, and because the number of devices is
boundless, the amount of valuable resources that FL can use is very large; and ii) network
asynchronous communication becomes usable and provides protection for data privacy by sending sensitive
data to the server rather than using local data from the edge server, where it prevents the leak of data during
its transmission; network asynchronous communication has also taken on an important role [11]. The
development of this technique will resolve the conflict between data sharing and data privacy [12]. FL is
convenient for applications where data is privacy sensitive [13], as on mobile devices [14] or in industry
applications [15], where data is not available to be aggregated because of legal concerns.

The paper is organized as follows. Section 2 introduces the categorization of FL. Section 3 covers security
and privacy aspects of FL, such as the attacks that affect it, defense techniques against these attacks, and the
security mechanisms used by researchers in the data transmission and aggregation phases of FL. Section 4
presents research works and the results they achieved after applying FL to provide security for networks.
The discussion is in section 5, and the last section, section 6, is the conclusion.
Figure 1. FL process flow [10]


2. CATEGORIZATION OF FEDERATED LEARNING 
FL can be divided into three categories according to how data is distributed among the various parties in the
feature space and in the sample ID space. These categories are horizontal FL, vertical FL, and federated
transfer learning (FTL), as shown in Figure 2 [4].

- Horizontal FL: also called sample-based FL. In this case, the data features across different
nodes overlap to a certain extent, while the sample spaces of the data differ considerably,
as shown in Figure 2(a) [2], [16].

- Vertical FL: also called feature-based FL. This case applies when two data sets
differ in feature space but share the same sample ID space, as shown in Figure 2(b) [2], [16].

- FTL: this category is applied in scenarios where two data sets differ both in samples and in feature
space, as shown in Figure 2(c) [2], [17]. Limited shared sample sets are used to learn the shared
representation between the two feature spaces, which is then applied to make predictions for samples
with only one-side features [4].
Figure 2. Categorizations of FL (a) horizontal FL, (b) vertical FL, and (c) FTL [2]


3. SECURITY AND PRIVACY IN FEDERATED LEARNING 
FL is an enhanced form of distributed ML that offloads the operations that the central server usually
performs [18]. Security guarantees and additional privacy are the greatest advantages that FL affords [19].
These advantages make FL useful and give it an alluring role, especially since information theft and data
breaches are serious and common threats [16]. This section outlines the latest developments in security and
data privacy for FL. It introduces current attack models, defense techniques against these attacks, and the
various mechanisms used to provide security and privacy.


3.1. Attacks on federated learning 

FL is a target for different attacks that intend to manipulate the collaborative learning process [3]. A
malicious agent benefits from vulnerabilities to manipulate and change the global model and to take control
of one or more participants [20], [21]. In such a scheme, the attacker aims to access the local
data of the various clients, hyperparameters, updated weights in transit, or training procedures [22] in order
to launch attacks on the global model and manipulate it. Some of these attacks are described below.

a. Poisoning attack: this type of attack has a high probability of occurrence in FL. The potential for
data weights to be tampered with and added to the global ML model is very high, because
any client in FL can access the training data [11], [23]. Poisoning can occur during the training step,
can affect either the local model or the training dataset, and tampers with the performance of the global
ML model in an indirect manner [16], [24].

b. Inference attacks: this type of attack is much like poisoning attacks in that the chance of inference
attacks is great, from either a malicious centralized server or the participants in the FL process. It is
considered one of the biggest threats to privacy [11].

c. Backdoor attacks: a way to inject a malicious task into the existing model while maintaining the
accuracy of the actual task [25]. To introduce backdoor functionality into the joint model, the malicious
participant can use model replacement [22]. Backdoor attacks can affect ML models by
confusing them into forecasting false positives. Moreover, the severity of backdoor attacks is high
because determining that an attack has occurred takes a long time [24].

d. Eavesdropping: the learning process of FL iterates through rounds of communication from the clients
to the central server. Therefore, an eavesdropping attacker can extract data from a
communication channel if a weak channel exists [11].


3.2. Defense techniques for federated learning attacks 
Some of the defense techniques for FL that have been used to mitigate these types of attacks are:

a. Poisoning attacks in FL can be detected using various anomaly detection techniques. Analytical and
statistical methods can be used to identify events that do not match the expected activity or pattern [7].
Euclidean distance has been used by [26] to provide a model that detects aberrations in each input
parameter of a client. Shen et al. [27] proposed a defense technique against malicious client updates that
applies clustering to all client updates before the aggregation phase. This method has proven to be
beneficial in detecting malicious client updates. Autoencoders have been proposed in [28] as an
anomaly detection defense that helps in identifying malicious local model updates.

b. To mitigate inference attacks, a model compression technique such as knowledge
distillation can be used, where a fully trained neural network gradually transfers its knowledge of
what needs to be done to a small model. The knowledge distillation technique [30] can save
computational costs [29] in training a model. Federated model distillation has been proposed by [31] to provide
resilience in using personalized ML models, along with translators that aggregate the knowledge to be
shared with each client.

c. One of the problems that appears in FL arises when large deep neural networks must be
trained in the FL environment. A pruning technique has been proposed by [32] to address this issue:
it minimizes the ML model size to enhance accuracy and reduce complexity, because in this
approach the full-fledged model does not need to be shared. A pruning technique helps in identifying
communication jams and backdoor attacks more efficiently.

d. Moving target defense is one of the methods used to develop strategies and diverse mechanisms that
change continually to increase the complexity for attackers. It is the best type of intrusion protection at the
server level, network level, and application level. It is also a defense structure built to obscure the
source of vulnerability from attackers. Colbaugh and Glass [33] explained network-level
moving target defense for preventing eavesdropping-based attacks.
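A sketch of the distance-based screening idea from item a, as an added example that is not the method of [26] or [27]: before averaging, the server measures each client's Euclidean distance to a coordinate-wise median and drops updates beyond a robust cutoff. The sample updates, the median/MAD cutoff and the factor `k` are assumptions of this example.

```python
import math
from statistics import median

# Constructed sample: flattened model updates from five clients in one round.
# c5 is a constructed outlier standing in for a poisoned update.
UPDATES = {
    "c1": [0.10, -0.20, 0.05],
    "c2": [0.12, -0.18, 0.04],
    "c3": [0.09, -0.22, 0.06],
    "c4": [0.11, -0.19, 0.05],
    "c5": [5.00, 4.00, -6.00],
}
SIZES = {cid: 100 for cid in UPDATES}  # local sample counts (constructed)


def euclidean(a, b):
    """Euclidean (L2) distance between two equally long vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def screen_updates(updates, k=3.0):
    """Split client ids into (accepted, rejected) before aggregation.

    Reference point: coordinate-wise median of all updates, which a single
    extreme client cannot move far. Cutoff: median distance + k * MAD.
    """
    ids = sorted(updates)
    centre = [median(col) for col in zip(*(updates[i] for i in ids))]
    dist = {i: euclidean(updates[i], centre) for i in ids}
    med = median(dist.values())
    mad = median(abs(d - med) for d in dist.values())
    cutoff = med + k * max(mad, 1e-12)  # floor avoids a zero-width band
    accepted = [i for i in ids if dist[i] <= cutoff]
    rejected = [i for i in ids if dist[i] > cutoff]
    return accepted, rejected


def fedavg(updates, sizes, ids):
    """Sample-count-weighted average of the selected clients' updates."""
    if not ids:
        raise ValueError("no client updates left to aggregate")
    total = sum(sizes[i] for i in ids)
    dim = len(updates[ids[0]])
    return [sum(updates[i][j] * sizes[i] for i in ids) / total
            for j in range(dim)]


if __name__ == "__main__":
    ok, dropped = screen_updates(UPDATES)
    print("rejected:", dropped)
    print("screened average:", fedavg(UPDATES, SIZES, ok))
    print("unscreened average:", fedavg(UPDATES, SIZES, sorted(UPDATES)))
```

The cutoff only flags updates that sit far from the majority, so it assumes most clients in a round are honest.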


3.3. Security mechanisms in federated learning 
3.3.1. Data transmission security mechanisms 

One of the most important things is the security of the data. Since the FL technique sends data
between the local and the global model, security mechanisms should be provided. Security mechanisms can
be built with cryptographic protocols and algorithms.
a. Secret sharing schemes: secret sharing schemes [34] were used by [35] to minimize the risk of data
leakage on the server side and to assure participants' security. They are therefore a good choice for
securing and protecting client updates in FL, because the updates can be partitioned into diverse shares,
which helps with the vulnerability associated with communication.

b. Secure multiparty computation: the multiple client updates compiled by aggregators in FL contain
sensitive information; therefore, it is necessary to protect them. Multiparty computation schemes are a very
appropriate approach to protecting the aggregation process and the clients' updates [3], [36].

c. Homomorphic encryption: homomorphic encryption is an encryption approach that performs complex
mathematical operations on ciphertext without changing the nature of the encryption. From a security
aspect in FL, client updates should not be decrypted by the central server, which should collect them using
only ciphertext. Homomorphic encryption can meet all these requirements [3]. Paillier federated
multi-layer perceptron (PFMLP), proposed by [9], is based on FL and partially
homomorphic encryption. The basic idea is that all learning parties transmit only gradients encrypted with
homomorphic encryption [37].
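The ciphertext-only aggregation described in item c, as an added example that is not PFMLP's code: a textbook Paillier scheme in which the server multiplies ciphertexts to add the underlying gradients and never holds the private key. The small Mersenne primes, the fixed-point scale and the assumption that the clients share one key pair are choices of this example and are far too weak for real use.

```python
import math
import secrets

SCALE = 1000  # fixed-point scale for gradients (assumption of this example)
# Constructed sample: one two-element gradient vector per client.
GRADS = [[0.125, -0.5], [0.25, 0.75], [-0.375, 0.25]]


def keygen(p, q):
    """Return (n, (lam, mu)); n is the public key, generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """Randomised encryption: c = (1 + m*n) * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def add(n, c1, c2):
    """Multiplying ciphertexts adds the plaintexts modulo n."""
    return c1 * c2 % (n * n)


def encode(x):
    return round(x * SCALE)


def decode(n, m):
    signed = m - n if m > n // 2 else m  # upper half of Z_n = negatives
    return signed / SCALE


def aggregate_encrypted(n, uploads):
    """Server side: needs only the public modulus n, never the private key."""
    total = list(uploads[0])
    for vec in uploads[1:]:
        total = [add(n, a, b) for a, b in zip(total, vec)]
    return total


def federated_sum(grads, p=2**31 - 1, q=2**61 - 1):
    """Clients encrypt, the server aggregates, a key holder decrypts the sum."""
    n, priv = keygen(p, q)  # toy primes, insecure
    uploads = [[encrypt(n, encode(g)) for g in vec] for vec in grads]
    enc_sum = aggregate_encrypted(n, uploads)
    return [decode(n, decrypt(n, priv, c)) for c in enc_sum]


if __name__ == "__main__":
    print(federated_sum(GRADS))
```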


3.3.2. Secure aggregation in federated learning 
Secure aggregation is a branch of multiparty computation algorithms in which a collection of parties
that hold sensitive information and do not trust each other must collaborate in order to calculate an
aggregated value [38]. The aggregated value should not reveal any party's information. To guarantee a
secure transit process, the clients' outputs should be encrypted before they are shared [24].

a. Federated secure aggregation protocol: a secure aggregation protocol was proposed by [39] for FL to
preserve the privacy of the gradients of the clients' models and to ensure that the users learn nothing while
the server learns only the sum of the clients' inputs. For practical applications, [40] advanced a full version
of the protocol. Each client's raw input is masked with a random number to prevent it from being directly
revealed to the central server, each client generates a private-public key pair for each phase of the
aggregation process, and every client combines each other client's public key with its own private key
to generate a private shared key with a hash function [3].

b. Blockchain FL: blockchain can be used in FL to decentralize the global aggregation process by
allowing the blockchain network to exchange the clients' local model updates while verifying
them [41]. Blockchain is suitable and useful for protecting the individual local model updates from being
disclosed and for verifying the validity of these updates [16]. To provide secure aggregation in FL, a
blockchained FL architecture has been proposed by [42].
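The masking step of item a, as an added example that is not the protocol code of [39] or [40]: each pair of clients derives a shared key from one side's private key and the other's public key, hashes it, and expands it into a mask that one client adds and the other subtracts, so the masks cancel in the server's sum. The toy Diffie-Hellman group, the SHA-256 expansion, the modulus `M` and the sample inputs are assumptions of this example, and client dropout is not handled.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy Diffie-Hellman modulus (Mersenne prime), illustrative only
G = 3           # toy base
M = 2**32       # updates are quantised to integers modulo M

# Constructed sample: quantised model updates of three clients.
INPUTS = {1: [10, 20, 30], 2: [1, 2, 3], 3: [100, 200, 300]}


def keypair():
    """Fresh private/public key pair for one aggregation round."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def shared_seed(my_sk, their_pk, round_id):
    """Hash of the pairwise shared key; both clients of a pair get the same."""
    s = pow(their_pk, my_sk, P)
    return hashlib.sha256(s.to_bytes(16, "big")
                          + round_id.to_bytes(4, "big")).digest()


def expand(seed, length):
    """Stretch the seed into `length` mask values modulo M."""
    return [int.from_bytes(
                hashlib.sha256(seed + i.to_bytes(4, "big")).digest()[:4], "big")
            for i in range(length)]


def mask_update(cid, x, sk, public_keys, round_id):
    """Client side: add the pair mask if cid < other, subtract it otherwise."""
    y = list(x)
    for other, pk in public_keys.items():
        if other == cid:
            continue
        mask = expand(shared_seed(sk, pk, round_id), len(x))
        sign = 1 if cid < other else -1
        y = [(a + sign * b) % M for a, b in zip(y, mask)]
    return y


def server_sum(masked_updates):
    """Server side: sees only masked vectors; pairwise masks cancel mod M."""
    return [sum(col) % M for col in zip(*masked_updates)]


def run_round(inputs, round_id=1):
    keys = {cid: keypair() for cid in inputs}
    public_keys = {cid: kp[1] for cid, kp in keys.items()}
    masked = {cid: mask_update(cid, x, keys[cid][0], public_keys, round_id)
              for cid, x in inputs.items()}
    return masked, server_sum(list(masked.values()))


if __name__ == "__main__":
    masked, total = run_round(INPUTS)
    print("what the server receives from client 1:", masked[1])
    print("sum recovered by the server:", total)
```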


4. NETWORK SECURITY USING FEDERATED LEARNING 

Network security is one of the most important things in computer networks. It is therefore important to
improve and ensure the safety of networks with trained equipment, to avoid the probability of any errors in the
machines that organize security [22], [43]. ML can differentiate between benign and
malicious data in the network, so it can be used to better analyze preceding cyber attacks and enhance the
proper security response [44]. FL is one of the learning techniques in which the collaborators train a global
model cooperatively [45]. Man et al. [17] proposed federated convolutional neural network (FedACNN),
an intelligent intrusion detection mechanism that uses a CNN deep learning model through the mechanism of
FL to complete the task of intrusion detection. Local datasets and the computing resources of
edge devices are used to train the model, and the parameters of the model are uploaded to a central server
for collaborative training. Unlike traditional centralized learning approaches, FedACNN does not need to
transfer the raw data to a central server, which reduces the risk of data leakage and assures model accuracy.
After FedACNN was applied to the network security layer-knowledge discovery in database (NSL-KDD) dataset,
the detection results showed better classification accuracy, which for attack data can reach 99.76%.

Federated distributed integrated clinical environment (FedDICE) has been proposed in [46]. To
implement collaborative learning, mitigation, and detection of ransomware attacks, it integrates FL
privacy-preserving learning into a software defined networks (SDN)-oriented security architecture. The
results have shown that, after applying FedDICE to a clinical environment network traffic dataset, it
effectively detects ransomware spread with a testing accuracy of around 99% in the DICE. FL is combined
with fog computing in the federated learning empowered mitigation architecture (FLEAM), proposed by [45],
to enhance detection accuracy and minimize mitigation time, enabling defenders to jointly combat botnets and
thus consolidating IoT security. The results have shown that FL improves the accuracy of detection up to
approximately 95%.

A two-step learning method called NAFT, based on FL and transfer learning, has been proposed by [47]
to handle the problem of data scarcity in network anomaly detection. In the first step, a person or
organization that aims to build a network anomaly detection model takes part in FL in order to draw basic
knowledge from other participants. The global detection model is then fine-tuned after FL. Experiments
conducted on the UNSW-NB15 dataset show that NAFT can accomplish better anomaly detection performance
than other methods when training data is scarce, with the accuracy of NAFT reaching higher than 90%.

Research by Zhao et al. [48], based on an FL-aided long short-term memory framework, has
proposed an effective independent and identically distributed (IID) method. First, the initial
long short-term memory (LSTM) global model is deployed at all user servers. Second, a single model is
trained for each user, and its model parameters are then uploaded to a central server. Finally, the model
parameters are aggregated to construct a new global model, which is distributed to the user servers. Applied
to the SEA dataset, the proposed FL-LSTM method can detect intrusion with a detection accuracy of up to
99.21%.

Blockchain has been used by [49] to solve issues in fog computing such as data privacy. Through
comprehensive verification, hybrid identity generation, and off-chain data storage and retrieval, FL-block
enables decentralized privacy protection while avoiding single-point failure. In addition, poisoning
attacks can be defeated from the fog servers' side. After FL-block was applied to two datasets, the results
showed good performance in privacy protection.

In computer networks, threat detection is one of the basic elements of cybersecurity, and it is addressed
by [50]. They presented an architectural approach that uses community model sharing with a streaming
analytic pipeline. Through their streaming scheme, the models train gradually as every log record is processed,
thus adapting to the concept drift that results from changing attacks. In addition, the community
sharing approach is designed to federate learning by combining models without requiring the sharing of
sensitive cyber-log data. It therefore gives network security operators the capability to manage
cyber threat events and the sensitivity of the model by weighting analytic methods and community
members in the way best suited to their available data and resources. Internal testing of their results
indicates the usefulness of their approach.


5. DISCUSSION 

This paper presented a survey of the FL technique. It explained how different researchers used it to
secure the network against many attacks. The papers reviewed above show that FL
enhanced the privacy of data and improved the detection and mitigation of different types of attacks, by
combining it with other techniques or by using it in different environments, as shown in Table 1.


Table 1. FL defense techniques in networking 


| Reference | Work description | Methods | Performance measure (%) | Dataset |
|---|---|---|---|---|
| [17] | Completes the intrusion detection task as an intelligent intrusion detection mechanism | CNN+FL | Accuracy=99.76 | NSL-KDD |
| [46] | Enable collaborative learning, mitigation, and detection of ransomware attacks | FL+SDN-oriented security architecture | Accuracy=99 | Clinical environment network traffic dataset |
| [45] | Boosts the accuracy of detection, enabling defenders to jointly combat botnets | FL+fog computing | Accuracy=95 | NA |
| [47] | Provide network anomaly detection that deals with the data scarcity problem | FL+transfer learning | Accuracy=90 | UNSW-NB15 |
| [48] | Offered intrusion detection | FL+LSTM | Accuracy=99.21 | SEA |
| [49] | Solve the identified issues in fog computing like data privacy | FL+blockchain+fog computing+distributed hash table | Accuracy=75; Accuracy=93 | CIFAR-10; Fashion-MNIST |
| [50] | Provided for the operators of network security the capability to manage the events of cyber threats and the sensitivity of the model | FL+streaming architecture | NA | Raw HTTP data logs |
| [51] | Detecting compromised devices in IoT networks | FL | FPR=0; TPR=94.07 | Activity, deployment and attack datasets |


6. CONCLUSION 

FL has been introduced to protect sensitive data on many platforms and has been used by many
researchers for different applications. This work reviewed the FL technique and its types, the most
prominent attacks it may be exposed to, and the defense methods used against these attacks. This paper also
provides a comprehensive study of the various solutions that researchers have used to offer security mechanisms
for FL, and finally clarifies the multiple methods that researchers have applied to provide security and privacy
in the networks field. Discussion of the results of the researchers' works showed how this technology
greatly enhanced the accuracy of detecting attacks and improved the privacy and security of the network.